Community discussions

MUM Europe 2020
 
Ghino
newbie
Topic Author
Posts: 27
Joined: Tue Feb 26, 2019 7:05 pm

2 wan load balancing with failover problems

Tue Aug 20, 2019 5:29 pm

Hi,
I have configured my router board with YouTube mikrotik video for 2 wan load balancing and failover but I have some problems.
- open news pages is very slow as dns server has some problems to resolve host
- YouTube open slowly an frequently stop during video watching
- I have a raspberry with homeassistant and it can not open from outside . If I disable one of wan I can access correctly

What can I do? For raspberry connected alone on ethernet port there is a way o rules to setup to employ only a wan outside load balancing?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Tue Aug 20, 2019 10:09 pm

Hey

For starters, post your current config: /export hide-sensitive (in-between code tags)
 
Ghino
newbie
Topic Author
Posts: 27
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 10:34 am

hi,

this is my configuration wan1 static ip 192.168.89.10 and wan2 192.168.88.10 internal lan 192.168.1.0
# aug/21/2019 09:24:31 by RouterOS 6.45.3
# software id = ZS3Y-57J1
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A77094AEC63
/interface bridge
add admin-mac=B8:69:F4:39:B2:91 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=ICARO name=WAN1
set [ find default-name=ether2 ] comment=HO disabled=yes name=WAN2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid=domus wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid=F3272Fast wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool1 ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
add address=192.168.88.10/24 interface=WAN2 network=192.168.88.0
add address=192.168.89.10/24 comment=M1100_usb_ip_fisso_dmz disabled=yes \
network=192.168.89.0
add address=192.168.89.10/24 comment=m1100_LAN_dmz interface=WAN1 network=\
192.168.89.0
/ip arp
add address=192.168.1.65 interface=bridge mac-address=B8:27:EB:FC:65:EF
/ip dhcp-client
add dhcp-options=hostname,clientid
/ip dhcp-server lease
add address=192.168.1.65 mac-address=B8:27:EB:FC:65:EF
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
add address=8.8.8.8 name=google
/ip firewall address-list
add address=192.168.1.1-192.168.1.2 list=router
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=fasttrack-connection chain=forward dst-port=53 protocol=tcp
add action=fasttrack-connection chain=forward dst-port=53 protocol=udp
/ip firewall mangle
add action=accept chain=prerouting comment=wan1_icaro_prerouting dst-address=\
192.168.89.0/24 in-interface=bridge
add action=accept chain=prerouting comment=wan2_ho_prerouting_wan2 dst-address=\
192.168.88.0/24 in-interface=bridge
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN2_conn \
passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=bridge new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=bridge new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
add action=accept chain=prerouting comment=router dst-address-list=router
add action=accept chain=forward comment=dns port=53 protocol=tcp
add action=accept chain=forward comment=dns port=53 protocol=udp
add action=accept chain=forward packet-mark="client-dw -pk" port=\
80,443,5222,5223,5228 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=
out,none out-interface=WAN1
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=
out,none out-interface=WAN2
add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address=\
192.168.1.65 to-addresses=8.8.8.8
/ip route
add check-gateway=ping distance=1 gateway=192.168.89.1 routing-mark=to_WAN1
add check-gateway=ping distance=5 gateway=192.168.88.1 routing-mark=to_WAN2
add comment=static_ip_nodhcp distance=1 gateway=192.168.88.1
add distance=1 gateway=192.168.89.1
/system clock
set time-zone-name=Europe/Rome
/system ntp client
set enabled=yes primary-ntp=37.247.53.178 secondary-ntp=80.211.178.99
/system ntp server
set broadcast=yes enabled=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 1:05 pm

you should remove fasttrack (action=fasttrack-connection, 3 instances), as it's not compatible with loadbalancing

"add action=accept chain=prerouting comment=router dst-address-list=router" should be at the beginning of chain / before all LB logic

your default routes should have different distances: ex 1 & 2
add comment=static_ip_nodhcp distance=1 gateway=192.168.88.1
add distance=1 gateway=192.168.89.1
 
Ghino
newbie
Topic Author
Posts: 27
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 1:18 pm

Hi,

Thanks for help, I removed fast track entities but I don't know how to move that

add action=accept chain=prerouting comment=router dst-address-list=router" should be at the beginning of chain / before all LB logic
 
Ghino
newbie
Topic Author
Posts: 27
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 1:31 pm

lol,

sorry i'm new on mikrotik.. i did.. litterally move up on list :-)


With distance i can modify ratio between use of two wan?
because i would use second wan less than first one, but i don't know if it's possible to achieve that too
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 2:11 pm

the default routes are only relevant in context of fail-over: each connection gets assigned to either Wan1 or Wan2 in mangling, only when that link is not up will the default be relevant.

the current load balancing is 50/50
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN2_conn \
passthrough=yes per-connection-classifier=both-addresses:2/1
 
Ghino
newbie
Topic Author
Posts: 27
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 2:19 pm

thanks again ..
is there a way to set 80/20 for example?
or stop on max mb reached dayly from wan2?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 3:16 pm

is there a way to set 80/20 for example?
Not directly, but you can achieve this by being creative: repeat a link multiple times, for 80/20, pretend you have 5 links each good for 20% of traffic: wan1,wan1,wan1,wan1,wan2
Another option, is bandwidth based load-balancing: viewtopic.php?f=2&t=151314
or stop on max mb reached dayly from wan2?
you would have to script that: on regular basis check stats on wanX and if condition met, switch to other. then at midnight switch to default one again.
 
Ghino
newbie
Topic Author
Posts: 27
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Fri Dec 06, 2019 11:55 pm

Hi, I update this post because I changed one of the LTE modem..now a Huawei b715 and I setup to connect by a static DMZ up to the mikrotik router.
The problem is that it is ok for two five seconds then only the internet connection drop. On routes I had two rules that set the gateway on Huawei and check by ping if is reachable. Now internet drop as the gateway went unrachable.
What would be the reason ?..DMZ on Huawei does not work properly or could be something else to set up.

Who is online

Users browsing this forum: _saik0, almdandi, Andrejm, mktkRB, MSN [Bot] and 107 guests